On Thu, May 26, 2011 at 8:16 AM, Claudio Prono <claudio.pr...@atpss.net> wrote: > > > Il 25/05/2011 20.14, Ken Dreyer ha scritto: >> On Wed, May 25, 2011 at 7:12 AM, Claudio Prono <claudio.pr...@atpss.net> >> wrote: >>> When the Windows Client change his Kerberos password on the >>> OpenAFS server >> I'm not sure what this means, because OpenAFS servers (besides >> kaserver) don't store users' passwords. Can you provide more >> information about your Kerberos environment, specifically, what >> implementation of Kerberos (kaserver, Heimdal, MIT) you are using to >> authenticate users to AFS? >> >> - Ken > > I use Mit Kerberos to store users passwords. >
You shouldn't really have to synchronize anything at all. If you're doing the dummy account dance on the AD side; that is, the user object in AD is mapped to a principal in your MIT realm via alternate security IDs, then the user simply has to change his password in the MIT realm directly. Where I went to school did this; they simply have a webpage where users can change their passwords. -- Coy Hile coy.h...@coyhile.com _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info